Lucene search

[email protected]NVD:CVE-2024-22200

HistoryJan 30, 2024 - 4:15 p.m.

CVE-2024-22200

2024-01-3016:15:48

CWE-200

[email protected]

web.nvd.nist.gov

vantage6-ui

docker image

nginx version

leakage

mitigation

angular application

vulnerability

patched

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.

Affected configurations

Nvd

Node

vantage6vantage6-uiRange<4.2.0

VendorProductVersionCPE
vantage6vantage6-ui*cpe:2.3:a:vantage6:vantage6-ui:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vantage6	vantage6-ui	*	cpe:2.3:a:vantage6:vantage6-ui::::::::

References

github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020

github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-22200

prion1 cvelist1 osv1 cve1